wp_kses_attr_check( string $name, string $value, string $whole, string $vless, string $element, array $allowed_html ): bool

Source

function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {	$name_low = strtolower( $name );	$element_low = strtolower( $element );	if ( ! isset( $allowed_html[ $element_low ] ) ) {	$name = '';	$value = '';	$whole = '';	return false;	}	$allowed_attr = $allowed_html[ $element_low ];	if ( ! isset( $allowed_attr[ $name_low ] ) || '' === $allowed_attr[ $name_low ] ) {	/* * Allow `data-*` attributes. * * When specifying `$allowed_html`, the attribute name should be set as * `data-*` (not to be mixed with the HTML 4.0 `data` attribute, see * https://www.w3.org/TR/html40/struct/objects.html#adef-data). * * Note: the attribute name should only contain `A-Za-z0-9_-` chars. */	if ( str_starts_with( $name_low, 'data-' ) && ! empty( $allowed_attr['data-*'] )	&& preg_match( '/^data-[a-z0-9_-]+$/', $name_low, $match )	) {	/* * Add the whole attribute name to the allowed attributes and set any restrictions * for the `data-*` attribute values for the current element. */	$allowed_attr[ $match[0] ] = $allowed_attr['data-*'];	} else {	$name = '';	$value = '';	$whole = '';	return false;	}	}	if ( 'style' === $name_low ) {	$new_value = safecss_filter_attr( $value );	if ( empty( $new_value ) ) {	$name = '';	$value = '';	$whole = '';	return false;	}	$whole = str_replace( $value, $new_value, $whole );	$value = $new_value;	}	if ( is_array( $allowed_attr[ $name_low ] ) ) {	// There are some checks.	foreach ( $allowed_attr[ $name_low ] as $currkey => $currval ) {	if ( ! wp_kses_check_attr_val( $value, $vless, $currkey, $currval ) ) {	$name = '';	$value = '';	$whole = '';	return false;	}	}	}	return true; } 

View all references View on Trac View on GitHub